Sergey Maranchuk committed 31147e2

reputation: check if post really belongs to user

Files changed (2)

-0f1fddaeb9771a8e0aeae35c8cd66e24058c0bcc projects
+07a9dad465bbd8654713e8d9d0479b83a1097be6 projects

djangobb_forum/forms.py

             pass
         else:
             raise forms.ValidationError(_('You already voted for this post'))
+        
+        # check if this post really belong to `from_user`
+        if not Post.objects.filter(pk=self.cleaned_data['post'].id, user=self.to_user).exists():
+            raise forms.ValidationError(_('This post does\'t belong to this user'))
+
         return self.cleaned_data
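
Review bot: the comment above the new check names `from_user`, but the filter uses `user=self.to_user`; the comment should say `to_user` so it matches what is actually verified. The error string `'This post does\'t belong to this user'` has a typo and should read "doesn't" (a double-quoted literal avoids the escape). `self.cleaned_data['post']` is indexed directly, so unless earlier code in this method guarantees the key is present, a `post` field that failed its own validation would raise KeyError here instead of a form error; reading it with `self.cleaned_data.get('post')` and skipping the check when it is missing would be safer. The first added line also contains only trailing whitespace.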